EldoS | Feel safer!

Software components for data protection, secure storage and transfer

I get the following message: "Decryption failed".

#35136
Posted: 11/30/2015 10:19:20
by Desarrollo Alpha (Standard support level)
Joined: 11/30/2015
Posts: 15

Hi,

I use the code below to encrypt and decrypt a file.
When I use the certificate from a pfx file, it works fine.
If I select the certificate from the "Certificate Store", it encrypts. When I decrypt, I get the following message: "Decryption failed".

I am using Windows 8 - 64 bit.
Code
  public static TElX509Certificate getTElCertificateBySerialNumber(String serialNumber)
        {
            
            SBWinCertStorage.TElWinCertStorage Storage = new SBWinCertStorage.TElWinCertStorage();

            Storage.SystemStores.Clear();
            Storage.SystemStores.Add("MY");
            
            int C = 0;
            while (C < Storage.Count)
            {
                TElX509Certificate Cert = new TElX509Certificate();
                try
                {
                    Storage.get_Certificates(C).Clone(Cert, true);

            
                    SBUtils.Unit.BinaryToString(Cert.SerialNumber);

                    bool b = Cert.PrivateKeyExists;
                    String s = Cert.KeyMaterial.ProviderName;
                    s = SBUtils.Unit.BinaryToString(Cert.SerialNumber);
                    if (SBUtils.Unit.BinaryToString(Cert.SerialNumber) == serialNumber)
                        return Cert;
                }
                catch
                {
                    return null;
                }
                finally
                {
                    C++;
                }

            }
            return null;
        }



public static void myDecrypt(TElX509Certificate cert, String fileEncrypt, String fileDecrypt)
        {
            TElRSAPublicKeyCrypto Crypto;
            Crypto = new TElRSAPublicKeyCrypto();
            Crypto.KeyMaterial = cert.KeyMaterial;
            FileStream streamInput;
            FileStream streamOutput;
            try
            {
                Crypto.InputEncoding = TSBPublicKeyCryptoEncoding.pkeBase64;
                Crypto.OutputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary;

                using (streamInput = new FileStream(fileEncrypt, FileMode.Open))
                {
                    using (streamOutput = new FileStream(fileDecrypt, FileMode.Create))
                    {
                        try
                        {
                            Crypto.Decrypt(streamInput, streamOutput, 0);
                        }
                        catch (Exception ex)
                        {
                            String s = ex.Message;
                        }
                        streamOutput.Close();
                    }
                    streamInput.Close();
                }
            }

            catch (Exception ex)
            {
                String s = ex.ToString();
                MessageBox.Show(s);
            }
        }


        public static void myEncript(TElX509Certificate cert, String origen, String encripted)
        {
            TElRSAPublicKeyCrypto Crypto;

            Crypto = new TElRSAPublicKeyCrypto();
            Crypto.KeyMaterial = cert.KeyMaterial;

            FileStream streamInput;
            FileStream streamOutput;

            try
            {
                Crypto.InputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary;
                Crypto.OutputEncoding = TSBPublicKeyCryptoEncoding.pkeBase64;

                using (streamInput = new FileStream(origen, FileMode.Open))
                {
                    using (streamOutput = new FileStream(encripted, FileMode.Create))
                    {
                        Crypto.Encrypt(streamInput, streamOutput, 0);
                        streamOutput.Close();
                    }
                    streamInput.Close();
                }
            }
            catch (Exception ex)
            {
                String s = ex.ToString();
                MessageBox.Show(s);
            }
          
        }
#35137
Posted: 11/30/2015 10:42:24
by Eugene Mayevski (EldoS Corp.)

Please check that cert in the myDecrypt method has the PrivateKeyExists property set to true. Decryption requires the private key to be present.

On a side note, I’ve noticed there is no Support Access Ticket linked to your user account on EldoS site (you have linked only License Access Ticket). We welcome you to link the Support Access Ticket as well so that our system could indicate you as a person eligible for support. You will find your Support Access Ticket together with all the details about how to use it in the registration e-mail that we’ve sent to you upon the purchase.


Sincerely yours
Eugene Mayevski
#35138
Posted: 11/30/2015 10:57:45
by Desarrollo Alpha (Standard support level)
Joined: 11/30/2015
Posts: 15

Yes, the private key is present. I checked the "PrivateKeyExists" property and it is True.
#35139
Posted: 11/30/2015 13:14:50
by Desarrollo Alpha (Standard support level)
Joined: 11/30/2015
Posts: 15

Eugene,

I have linked the Support Access Ticket to Security Black Box.

Thank you.
#35140
Posted: 12/01/2015 03:11:28
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

I've just checked your code and it works correctly. Most likely the problem is in the getTElCertificateBySerialNumber method. Please try to simplify it to return an object from the storage without cloning and check if this helps.
#35144
Posted: 12/01/2015 09:27:10
by Desarrollo Alpha (Standard support level)
Joined: 11/30/2015
Posts: 15

I simplified the function “getTElCertificateBySerialNumber”, but it doesn’t work. I get the same error.
FYI: I am generating the certificate (pfx) with these commands, and then I am importing it into the certificate store.

makecert -a sha1 -len 2048 -n "CN=TEST_CER" -sv "Test.pvk" -r -sky Signature -pe test.cer

pvk2pfx -pvk Test.pvk -spc test.cer -pfx test.pfx -po 123456 -f

Below you can see the complete source code:


Code
using System;
using System.Collections.Generic;
using System.Text;
using SBX509;
using System.IO;
using SBPublicKeyCrypto;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {

            SBUtils.Unit.SetLicenseKey("...");
            using (StreamWriter sw = new StreamWriter("text.txt"))
            {
                sw.WriteLine("hello word");
                sw.Close();

                TElX509Certificate cert = getTElCertificateBySerialNumber("06");

                if (cert != null)
                {
                    myEncrypt(cert, @"text.txt", @"encrypted.txt");
                    myDecrypt(cert, @"encrypted.txt", @"decrypted.txt");
                }
            }
        }

        public static void myDecrypt(TElX509Certificate cert, String fileEncrypt, String fileDecrypt)
        {
            TElRSAPublicKeyCrypto Crypto;
            Crypto = new TElRSAPublicKeyCrypto();
            Crypto.KeyMaterial = cert.KeyMaterial;
            FileStream streamInput;
            FileStream streamOutput;

            if (cert.PrivateKeyExists)
            {
                try
                {
                    Crypto.InputEncoding = TSBPublicKeyCryptoEncoding.pkeBase64;
                    Crypto.OutputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary;
                    using (streamInput = new FileStream(fileEncrypt, FileMode.Open))
                    {
                        using (streamOutput = new FileStream(fileDecrypt, FileMode.Create))
                        {
                            try
                            {
                                Crypto.Decrypt(streamInput, streamOutput, 0);
                            }
                            catch (Exception ex)
                            {
                                String s = ex.Message;
                                Console.WriteLine(s);
                            }
                            streamOutput.Close();
                        }
                        streamInput.Close();
                    }
                }
                catch (Exception ex)
                {
                    String s = ex.ToString();
                    Console.WriteLine(s);
                }
            }
            else
            {
                throw new Exception("El certificado no tiene clave privada");
            }
        }


        public static void myEncrypt(TElX509Certificate cert, String origen, String encripted)
        {
            TElRSAPublicKeyCrypto Crypto;

            Crypto = new TElRSAPublicKeyCrypto();
            Crypto.KeyMaterial = cert.KeyMaterial;

            FileStream streamInput;
            FileStream streamOutput;



            try
            {
                Crypto.InputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary;
                Crypto.OutputEncoding = TSBPublicKeyCryptoEncoding.pkeBase64;

                using (streamInput = new FileStream(origen, FileMode.Open))
                {
                    using (streamOutput = new FileStream(encripted, FileMode.Create))
                    {

                        Crypto.Encrypt(streamInput, streamOutput, 0);
                        streamOutput.Close();
                    }
                    streamInput.Close();
                }
            }
            catch (Exception ex)
            {
                String s = ex.ToString();
                Console.WriteLine(s);
            }

        }
    

        public static TElX509Certificate getTElCertificateBySerialNumber(String serialNumber)
        {
            SBWinCertStorage.TElWinCertStorage Storage = new SBWinCertStorage.TElWinCertStorage();
            Storage.SystemStores.Clear();
            Storage.SystemStores.Add("MY");
            int C = 0;
            while (C < Storage.Count)
            {
                try
                {
                    if (SBUtils.Unit.BinaryToString(Storage.get_Certificates(C).SerialNumber).ToLower() == serialNumber.ToLower())
                    {
                        return Storage.get_Certificates(C);
                    }
                }
                catch(Exception ex)
                {
                    System.Console.WriteLine(ex.Message);
                    return null;
                }
                finally
                {
                    C++;
                }
            }
            return null;
        }
    }

}
#35145
Posted: 12/01/2015 09:43:34
by Ken Ivanov (EldoS Corp.)

Your code looks pretty much OK now and supposedly should work. Therefore the issue might have something to do with the way in which the certificate is generated and/or added to the system store.

Could you please do a quick check for us by importing the sample SecureBlackbox certificate (cert.pfx) to the 'MY' system store by double clicking on it, and then trying to use it from your application? You can identify it in the system store by its Common Name, which is 'SecureBlackbox Demo Certificate', or by its serial number, which is '60 0d c0 de'.

This small check will help us understand whether the issue is specific to your particular certificate, or to the environment in general.

Thanks in advance.

Ken

P.S. Just in case, the password for cert.pfx is 'password' (without quotation marks).
#35156
Posted: 12/02/2015 13:08:07
by Desarrollo Alpha (Standard support level)
Joined: 11/30/2015
Posts: 15

The reason why it doesn’t work is that I am using “Signature” as the Subject’s key specification.
When I change it to “Exchange”, I can encrypt and decrypt.

Thank you.
#35158
Posted: 12/02/2015 16:15:26
by Ken Ivanov (EldoS Corp.)

Great, we are glad that you've managed to resolve the problem. Thank you for letting us know about the root cause. Indeed, key specification may affect operation capabilities of the imported key.
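
A check for the root cause found in this thread, as an added example that is not part of the original posts and does not use SecureBlackbox: it reads the key specification of a certificate's private key with the .NET Framework X509Store and RSACryptoServiceProvider classes before any decryption is attempted. The class and method names are hypothetical, the serial number "06" is the one from the poster's code, and the certificate is assumed to have been imported into the current user's "MY" store.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class KeySpecCheck   // hypothetical name, not part of SecureBlackbox
{
    // Returns null if the certificate's private key is an exchange key,
    // otherwise a short reason why decryption with it should not be attempted.
    public static string WhyNotUsableForDecryption(X509Certificate2 cert)
    {
        // Encryption only needs the public key, so it succeeds either way;
        // the checks below concern the private key used for decryption.
        if (!cert.HasPrivateKey)
            return "no private key is associated with this certificate";
        try
        {
            // For keys held by a CryptoAPI provider, .NET Framework exposes the
            // key as RSACryptoServiceProvider; other key types yield null here.
            var rsa = cert.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null)
                return "private key is not an RSA key in a CryptoAPI provider";
            KeyNumber spec = rsa.CspKeyContainerInfo.KeyNumber;
            if (spec != KeyNumber.Exchange)
                return "key specification is " + spec + ", not Exchange";
            return null;
        }
        catch (CryptographicException ex)
        {
            return "private key could not be opened: " + ex.Message;
        }
    }

    static void Main(string[] args)
    {
        string serial = args.Length > 0 ? args[0] : "06";
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false: a self-signed test certificate is not trusted.
            foreach (X509Certificate2 cert in store.Certificates.Find(
                         X509FindType.FindBySerialNumber, serial, false))
            {
                string reason = WhyNotUsableForDecryption(cert);
                Console.WriteLine("{0}: {1}", cert.Subject,
                    reason ?? "exchange key, decryption can be attempted");
            }
        }
        finally { store.Close(); }
    }
}
```

A certificate created with the `-sky Signature` option shown earlier in the thread is reported with key specification Signature; one created with `-sky Exchange` passes the check.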
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.